How to Unblock VPNs in Russia and China
With Russia's new law, using VPNs are going to become even more difficult. Here's how to bypass Russia's block on VPNs. Share
Recently, Russian President Vladimir Putin signed a bill that will prohibit the use of Virtual Private Networks (VPNs) in order to border their censorship efforts. Along with Russia, China has also taken a stringent stand against the use of VPNs. It has ordered the country’s three telecom giants to restrict individuals from accessing VPNs and it also had Apple remove two major VPN providers from the from the Chinese market to meet the new regulations.
While we do not know what the outcome of Russia’s new law will be, which takes effect in November, we do not want to take that users won’t be able to access content. So, if you’re wondering how to bypass the VPN block in Russia and China, we’ve got the solution for you.
What is Internet censorship?
The government and various other organizations to restrict access to sensitive or dangerous content on the internet generally impose internet censorship. However, some governments use it to promote political agendas or religious beliefs.
Initially, Internet stood as a firm medium for promotion of freedom of speech and expression. The Internet community rather than the governments or official organizations monitored it. However, many countries prevent users from accessing certain popular social media websites or news websites. Sometimes, all the websites with a particular type of content are also blocked. In some places, it can be implemented on a large scale which can filter entire country’s internet. Censorship may even occur for a short duration because of certain politically unstable conditions.
To stay up to date on internet censorship around the globe, check out our live updates page.
How do VPNs help evade censorship?
VPNs allow you bypass censorship almost anywhere. VPNs reroute your traffic through trusted access points and encrypts your data, evading internet censorship and securing your privacy online. For a more in-depth look at VPNs, check out our beginner’s guide.
Are VPNs legal?
Even though VPN blocks are placed, the policies for evading these blocks aren’t stringent. Use of VPNs will almost never get you in trouble with the judicial system. However, you must note that even though the use of VPNs and evading VPN blocks is not illegal, the content you are accessing might be illegal.
How are VPNs blocked?
There are many ways to block a VPN, but there are also ways to bypass it. While we do not know how Russia will block VPNs, we can assume it will be one or more of the following methods.
Blocking access to VPN provider’s website
In order to prevent the use of VPNs, many organizations or governments restrict access to a VPN provider’s website. This prevents you from signing up and using their software.
Blocking IPs of known VPN servers
Another common method is to identify a VPN’s IP addresses and block them. However, this is only successful with bigger VPN companies; smaller ones have a tendency to slip by.
Deep Packet Inspection (DPI)
Deep Packet Inspection (DPI) is a method of packet filtering at the application layer of the Open System Interconnection (OSI) reference model. DPI can identify, classify, and block specific data packets, which determined if the data being sent has been encrypted by a VPN protocol. However, while a DPI can identify the data packets, it cannot block them.
Block specific ports
OpenVPN, a very popular VPN protocol uses port 1194 for UDP, which is a way for computers to communicate with one another. Other protocols like PPTP or L2TP use different ports. Firewalls can block these ports, preventing the VPNs from working.
How to bypass VPN blocks
If you’re worried about buying a VPN once the law goes into effect, the best thing to do is buy a VPN now. You will still (most likely) have access to your VPN. However, if your VPN is blocked through one of the various methods above, here’s what you need to do.
Change VPN providers
Keeping trail of all the IP addresses that belong to each VPN service providers is a relentless task. Switching to a VPN provider that is not blocked is one solution. You can also try switching to a different IP address that might not be blocked.
Run your own VPN server
Running your own VPN server is a highly effective option if you are trying to access any content from a censored location. Since the VPN service belongs to you, you don’t get the usual benefits and other services associated with commercial VPN providers. Instead, you get a unique VPN IP address which is not blocked by the authorities. However, creating your own VPN is very technical and we do not advise attempting it if you do not have any IT knowledge.
Use the Tor Network
Tor is a short form for The Onion Router. It is a non-profit organization with an aim to enable people to browse the internet anonymously and develop new and robust online privacy tools. The Tor network masks your identity by re-routing your traffic through a number of Tor servers spread all over the globe. It is also encrypted and re-encrypted at every stage thus making sure that no one can trace you. You can use Tor Bridges to bypass IP blocks on Tor nodes. Tor Bridges are Tor relays that are not indexed in the main directory of Tor. So, even if your Internet Service Provider is blocking all the known Tor relays, you can still evade the censorship as it is not possible to block all the Tor bridges. However, bridges should only be used if regular Tor doesn’t work.
You can also use obfsproxy to hide web traffic from Deep Packet Inspection (DPI). It wraps Tor’s traffic with an encryption using a handshake that has no identifiable byte patterns. Pluggable Transports transforms the traffic in such a way that censors who monitor traffic between the client and bridge will perceive it as an acceptable one instead of the actual Tor traffic.
Change port numbers
Many VPN service providers let you change the port numbers they use by default. TCP port 80 and TCP port 443 are the two most favored ports.
TCP port 80
This port is used by HTTP which is the most widely used protocol for all the internet traffic. If this port is blocked, then the entire internet can be blocked. So, generally, this port is never stalled. However, it is easy for DPI techniques to identify VPN traffic that is using this port.
TCP port 443
This port is used by HTTPS, and all the VPN traffic on this port is routed through the TLS encryption. Since HTTPS secures all secured websites, the banking and e-commerce operations are based on it.
If your VPN provider doesn’t allow you to change port numbers, you can switch to it with an easy edit in the OpenVPN configuration (.ovpn) file. You can also use STTP protocol because it uses TCP port 443 by default.
Certain sensitive DPI techniques can analyse packet size and timing to detect OpenVPN’s characteristic handshake even if it is hidden under HTTPS. The two basic ways that can help you evade such VPN blocks are SSL Tunneling and SSH Tunneling.
SSL Tunneling, also called stunnel, is an open-source program that creates TLS/SSL tunnels. HTTPS uses TLS/SSL for encryption. Hence, it is very difficult to filter the VPN traffic from the regular HTTPS traffic when it is routed through TLS/SSL tunnels. In this mechanism, the OpenVPN data is further wrapped inside another layer of TLS/SSL encryption. DPI techniques that are used to identify VPNs are not able to rupture this layer of encryption, and therefore, the OpenVPN encryption inside remains undetected.
In SSH, the VPN data is wrapped inside a layer of Secure Shell. Shell accounts on Unix systems are accessed using SSH. In very technical terms, SSH tunneling uses the PuTTY telnet or SSH client. PuTTY is a free and open source terminal emulator which can act as a client for the SSH. This allows you to access content undetected.
While Russia’s new law blocking VPNs seems like the end of accessing content, there is no way for the government to fully block the use of VPNs. Most VPN blocks can be easily bypassed using a different VPN that can go by undetected. For sensitive Deep Packet Inspection Techniques, SSH Tunneling, SSL Tunneling, or services like obfsproxy can help you bypass the block with ease.
If you’re looking for a VPN to use, check out our most recommended VPNs.